.. / CVE-2017-14651

Exploit for WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting (CVE-2017-14651)

Description:

WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.

Nuclei Template

View the template here CVE-2017-14651.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2017/CVE-2017-14651.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://github.com/cybersecurityworks/Disclosed/issues/15
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265
https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html
https://nvd.nist.gov/vuln/detail/CVE-2017-14651

.. / CVE-2017-14651 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting (CVE-2017-14651)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2017-14651